package org.pearl.springbootsecurity.demo.controller;

import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
import org.pearl.springbootsecurity.demo.aop.TestInterceptor;
import org.pearl.springbootsecurity.demo.dao.UserMapper;
import org.pearl.springbootsecurity.demo.entity.User;
import org.pearl.springbootsecurity.demo.filter.MyConfig;
import org.pearl.springbootsecurity.demo.service.UserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

import javax.servlet.http.HttpSession;

/**
 * Created by TD on 2021/6/30
 */
@RestController
public class TestController {

    @Autowired
    MyConfig config;
    @Autowired
    UserService userService;
    @Autowired
    UserMapper userMapper;


    @GetMapping("/testDataScope")
    public Object testDataScope() {
      //  userMapper.testWith();
       return userMapper.getUserInfoByUserName("test");
    }

    @GetMapping("/test")
    // @Secured({"ROLE_root","ROLE_manager"})
    // 表示有ROLE_ROOT角色才能访问
    // @PreAuthorize("hasRole('ROLE_ROOT')")
    // 表示有ROLE_root或者ROLE_manager角色即可访问
    // @PreAuthorize("hasAnyRole('ROLE_root','ROLE_manager')")
    // 表示有add:user这个权限值即可访问，不区分角色或者权限
    //  @PreAuthorize("hasAuthority('add:user')")
    // 有其中一个权限值即可访问
    // @PreAuthorize("hasAnyAuthority('add:user','user:update')")
    // 表示只要登录都可以访问
    // @PreAuthorize("permitAll()")
    // 拒绝所有访问
    //@PreAuthorize("denyAll()")
    //@PreAuthorize("hasPermission(OAuth2ImportSelector,'add')")
    // @PostFilter(value = "filterObject.userName == 'test'")
    //@PreAuthorize("hasRole('ROLE_ROOT')")
    public Object test() {
        SecurityContext context = SecurityContextHolder.getContext();
        Authentication authentication = context.getAuthentication();
        return authentication.getPrincipal();
    }

    @GetMapping("/403")
    //@PreAuthorize("hasUser('user','bbb')")
    @TestInterceptor("TestInterceptor")
    @PreAuthorize("hasPermission('ROLE_ROOT')")
    public String code403() {
        return "templates/403";
    }


    @GetMapping("/session")
    //@PreAuthorize("hasUser('user','bbb')")
    public Object session(HttpSession httpSession, String name) {
        Object attribute = httpSession.getAttribute(name);
        return attribute;
    }

    @GetMapping("/test111")
    //@PreAuthorize("hasUser('user','bbb')")
    public Object test111(HttpSession httpSession, String name) {
        Object attribute = httpSession.getAttribute(name);
        return "attribute";
    }

}
